Expert21/hermes-osint
GitHub: Expert21/hermes-osint
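A conversational OSINT orchestration framework built on Docker and Ollama LLMs that integrates multiple tool chains into an intelligent, automated investigation platform.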
Stars: 33 | Forks: 5
# Hermes OSINT v3.0 🏛️🧠
## What's New in v3.0 🎉
**Hermes 3.0** represents a complete paradigm shift from pipeline-based tool orchestration to a **conversational AI-driven investigation platform**. Powered by local LLMs via Ollama, Hermes now understands natural language queries, autonomously selects and executes tools, and synthesizes findings into coherent intelligence reports.
### 🧠 Agentic Intelligence
- **Natural Language Interface** - Ask questions like "Find everything about @johndoe" instead of memorizing CLI flags
- **ReAct Pattern** - Think → Act → Observe cycle for intelligent, iterative investigations
- **Autonomous Tool Selection** - LLM decides which tools to run based on context
- **Citation-Based Reporting** - Every finding is attributed to its source tool
### 💬 Interactive TUI
- **Conversational REPL** - Chat with Hermes in a pentester-themed terminal interface
- **Session Persistence** - Save and resume investigations with `/save` and `/load`
- **Context Management** - Automatic summarization prevents token overflow in long sessions
- **Real-time Status Bar** - Model, context usage, and stealth mode at a glance
### 🔄 Flexible Execution Modes
- **TUI Mode** (default) - Full conversational experience with Ollama
- **Headless Mode** - `--headless --query "..."` for scripting and automation
- **Legacy Mode** - `hermes sherlock ` for direct tool access without LLM
## Overview 🎯
Hermes is a **universal OSINT orchestration platform** that unifies best-in-class open-source intelligence tools into a single, AI-powered workflow. Instead of manually running Sherlock, TheHarvester, Holehe, and other tools separately—**wasting precious investigation time** ⏰—Hermes's agentic core understands your intent, orchestrates tools intelligently, correlates results across sources, and delivers professional reports. 📊
**What makes Hermes different:** 🌟
- 🧠 **Agentic AI** with ReAct pattern—let the LLM drive your investigation
- 💬 **Natural language queries**—no flags to memorize, just describe what you need
- 🔒 **Security-first plugin architecture** with static code analysis—trust is earned
- 🐳 **Docker isolation** for zero-trust tool execution—sandbox everything
- ⚡ **Parallel processing** with intelligent resource management—2x faster than sequential
- 🧩 **Cross-tool correlation engine** for relationship mapping—connect the dots automatically
- 🔧 **Extensible design**—add new tools without touching core code
## Features 💎
### Agentic Core 🤖
- **ReAct Agent Loop** with Think → Act → Observe cycle
- **Ollama Integration** for local LLM inference (Llama 3, Mistral, etc.)
- **Tool Registry** with JSON Schema definitions for function calling
- **Context Manager** with rolling summaries (24k char limit for 8B models)
- **Session Store** for saving/loading investigation state
### Interactive TUI 💻
- **prompt_toolkit REPL** with persistent history (`~/.hermes_history`)
- **Pentester-themed styling** with green/cyan/orange accents
- **Dynamic status bar** showing model, context %, and mode
- **Slash commands**: `/help`, `/tools`, `/status`, `/save`, `/load`, `/export`, `/clear`, `/exit`
### Tool Orchestration 🎼
- **6 integrated OSINT tools** out of the box (Sherlock, TheHarvester, h8mail, Holehe, PhoneInfoga, Subfinder) 🛠️
- **Plugin architecture** for seamless third-party tool integration 🔌
- **Static security scanner** validates plugin code before execution—no surprises! 🛡️
- **Multi-mode execution**: Docker containers, native binaries, or hybrid auto-detection 🎭
- **Stealth mode enforcement** - blocks active probing tools when enabled 🥷
### Performance 🚀
- **Parallel execution** delivers **2x speed improvement** over sequential runs ⚡
- **Smart resource scaling** auto-detects CPU cores and memory 💻
- **Ephemeral containers** spin up, execute, and destroy automatically 🌪️
- **Configurable workers** via `--workers` flag for fine-tuned concurrency 🎛️
### Intelligence 🧠
- **Cross-tool correlation** identifies connections between disparate data sources 🔍
- **Fuzzy deduplication** eliminates redundant findings intelligently 🎯
- **Unified entity schema** normalizes output across all tools 📐
- **Source attribution** tracks which tool discovered each finding 📝
- **Confidence scoring** quantifies reliability of findings ⭐
## Quick Start 🏃♂️💨
### Prerequisites ✅
- Python 3.10 or higher 🐍
- Docker (for containerized tool execution) 🐳
- Ollama with a model installed (for TUI/agentic mode) 🧠
### Installation 📦
```
# Clone and install
git clone https://github.com/Expert21/hermes-osint.git
cd hermes-osint
pip install -r requirements.txt
pip install .
# Install Ollama and pull a model
curl -fsSL https://ollama.com/install.sh | sh
ollama pull llama3.1:8b
# Health check
hermes --doctor # 🏥 Make sure everything's ready!
```
### Basic Usage 🎮
```
# 🧠 TUI mode (default) - conversational AI interface
hermes
# Then just talk naturally: "Find social accounts for johndoe"
# 📜 Headless mode - for scripting and automation
hermes --headless --query "Investigate the domain example.com"
# 🔧 Legacy mode - direct tool access (no LLM required)
hermes sherlock johndoe
hermes theharvester example.com
hermes holehe user@example.com
```
### TUI Commands 💬
```
/help # Show all commands
/tools # List available investigation tools
/status # Show current session status
/save # Save session to file
/load # Load a previous session
/sessions # List all saved sessions
/export FILE # Export report (md, pdf, html, csv, stix)
/stealth # Toggle stealth mode
/clear # Clear conversation
/exit # Exit Hermes
```
### Advanced Usage 🎯
```
# Stealth mode - passive tools only
hermes --stealth
# Blocked: sherlock, holehe, phoneinfoga
# Allowed: theharvester, subfinder, h8mail
# Select a specific model
hermes --model mistral:7b
# Headless mode with output
hermes --headless --query "Find subdomains for target.com" --output report.md
```
## Available Tools 🛠️
| Tool | Purpose | Input Type | Stealth | Status |
|------|---------|------------|---------|--------|
| **Sherlock** 🕵️ | Username enumeration across 300+ sites | Username | ❌ | ✅ |
| **TheHarvester** 🌾 | Email/subdomain discovery from OSINT sources | Domain | ✅ | ✅ |
| **h8mail** 📧 | Breach data correlation and lookup | Email | ✅ | ✅ |
| **Holehe** 🔍 | Email account detection across 120+ platforms | Email | ❌ | ✅ |
| **PhoneInfoga** 📱 | Phone number OSINT and carrier lookup | Phone | ❌ | ✅ |
| **Subfinder** 🗺️ | Passive subdomain enumeration | Domain | ✅ | ✅ |
## Architecture 🏗️
### v3.0 Agentic Architecture
```
User Input → CLI (cli.py)
├── TUI Mode → AgentLoop → Ollama → ToolExecutor → Adapters
├── Headless → AgentLoop → Single Query → Report
└── Legacy → ToolExecutor Direct (no LLM)
```
### Component Flow
```
     ┌─────────────┐
     │ User Query  │  💬 "Find info about johndoe"
     └──────┬──────┘
            │
            ▼
   ┌─────────────────┐
   │    AgentLoop    │  🧠 ReAct: Think → Act → Observe
   │ (agent_loop.py) │
   └────────┬────────┘
            │
            ├───────────────────┬────────────────────┐
            ▼                   ▼                    ▼
   ┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
   │  ToolRegistry   │ │  ContextManager  │ │  SessionStore   │
   │ (tool_registry) │ │ (context_mgr.py) │ │ (session_store) │
   └────────┬────────┘ └──────────────────┘ └─────────────────┘
            │
            ▼
 ┌──────────────────────┐
 │     ToolExecutor     │  🔧 Validates + Executes
 │  (tool_executor.py)  │
 └──────────┬───────────┘
            │
            ▼
 ┌─────────────────────────┐
 │    ExecutionStrategy    │  🎭 Docker/Native/Hybrid
 │ (execution_strategy.py) │
 └──────────┬──────────────┘
            │
            ▼
     ┌──────────────┐
     │ Tool Adapters│  🔌 Sherlock, TheHarvester, etc.
     └──────┬───────┘
            │
            ▼
     ┌─────────────┐      ┌──────────────┐
     │ Raw Results │─────▶│Deduplication │  ✨
     └─────────────┘      └──────┬───────┘
                                 │
                                 ▼
                          ┌─────────────┐
                          │   Report    │  📊
                          │ (exporter)  │
                          └─────────────┘
```
### Key Components 🔑
#### Agent Layer (`src/agent/`)
- **AgentLoop** 🧠: ReAct pattern with Ollama function calling
- **ToolRegistry** 📋: JSON Schema definitions for LLM tool use
- **ToolExecutor** 🔧: Validates inputs, enforces stealth, bridges to adapters
- **ContextManager** 📊: Rolling summaries, prevents token overflow
- **SessionStore** 💾: JSON persistence for save/load functionality
- **TUI** 💻: prompt_toolkit REPL with pentester styling
#### Orchestration Layer (`src/orchestration/`)
- **ExecutionStrategy** 🎭: Docker/Native/Hybrid mode selection
- **DockerManager** 🐳: Ephemeral containers with SHA256 verification
- **TaskManager** ⚡: Parallel execution with resource limits
#### Security Layer (`src/security/`)
- **PluginSecurityScanner** 🛡️: AST-based static analysis
- **InputValidator** ✅: Injection prevention, path traversal protection
- **SecretsManager** 🔐: Encrypted credential storage
## Security 🔐
### Agent Security 🛡️
- **Grounding rules** prevent LLM speculation—cite sources or stay silent
- **Stealth mode enforcement** blocks active probing tools when enabled
- **Input validation** on all tool parameters before execution
- **Context limits** prevent prompt injection via token overflow
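Added example, not Hermes's own `ToolExecutor`: a gate that treats every LLM-proposed tool call as untrusted, applying the stealth classification from the tool table and an allow-list pattern per input type. The `target` argument key and the patterns are assumptions of this example.

```python
import re

# Stealth classification copied from the tool table on this page
# (passive=True means the tool is allowed while stealth mode is on).
TOOLS = {
    "sherlock":     {"input": "username", "passive": False},
    "theharvester": {"input": "domain",   "passive": True},
    "h8mail":       {"input": "email",    "passive": True},
    "holehe":       {"input": "email",    "passive": False},
    "phoneinfoga":  {"input": "phone",    "passive": False},
    "subfinder":    {"input": "domain",   "passive": True},
}
_HOST = r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}"
# Assumed allow-lists. No value may start with "-", so a target can never be
# parsed as a command-line option by the tool that receives it.
PATTERNS = {
    "username": re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}"),
    "domain":   re.compile(_HOST),
    "email":    re.compile(r"[A-Za-z0-9_][A-Za-z0-9._%+-]{0,63}@" + _HOST),
    "phone":    re.compile(r"\+?[0-9]{7,15}"),
}

def authorize_tool_call(call, stealth):
    """Check one LLM-proposed tool call; return (allowed, reason)."""
    tool = TOOLS.get(str(call.get("name", "")).lower())
    if tool is None:
        return False, "unknown tool"
    # Enforced in code, outside the model: a prompt cannot talk its way past it.
    if stealth and not tool["passive"]:
        return False, "blocked by stealth mode"
    args = call.get("arguments")
    target = args.get("target") if isinstance(args, dict) else None
    if not isinstance(target, str) or not PATTERNS[tool["input"]].fullmatch(target):
        return False, f"invalid {tool['input']}"
    return True, "ok"
```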
### Container Isolation 🐳🔒
- **SHA256 digest pinning** prevents image tampering ✅
- **Ephemeral lifecycle** destroys containers immediately after execution 🌪️
- **Resource limits** (76MB RAM, 50% CPU, 64 PIDs) 🚦
- **Network isolation** with configurable DNS and proxy support 🌐
- **Non-root execution** (UID/GID 65534:65534) 👥
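Added example, not the project's `DockerManager`: one way to turn the limits listed above into a `docker run` argument list that refuses any image not pinned by digest. The image name and digest are constructed placeholders.

```python
import json
import re

# Limits as listed above; the flag names are standard `docker run` options.
LIMITS = {"--memory": "76m", "--cpus": "0.5", "--pids-limit": "64",
          "--user": "65534:65534"}
PINNED = re.compile(r"[a-z0-9][a-z0-9._/:-]*@(sha256:[0-9a-f]{64})")

def build_run_argv(image_ref, tool_args):
    """Build the argv for one ephemeral, resource-capped tool run."""
    if not PINNED.fullmatch(image_ref):
        # A tag like :latest can be re-pointed at other content; a digest cannot.
        raise ValueError(f"image not pinned by sha256 digest: {image_ref!r}")
    if not all(isinstance(a, str) and "\x00" not in a for a in tool_args):
        raise ValueError("tool arguments must be NUL-free strings")
    argv = ["docker", "run", "--rm"]          # --rm: container removed on exit
    for flag, value in LIMITS.items():
        argv += [flag, value]
    return argv + [image_ref, *tool_args]     # argv list, never a shell string

def digest_is_present(inspect_json, image_ref):
    """Check `docker image inspect` JSON for the pinned digest before running."""
    pinned = PINNED.fullmatch(image_ref).group(1)
    return any(ref.endswith("@" + pinned)
               for image in json.loads(inspect_json)
               for ref in image.get("RepoDigests") or [])

# Constructed sample values (hypothetical image name, dummy digest).
SAMPLE_REF = "example.invalid/osint/sherlock@sha256:" + "ab" * 32
SAMPLE_INSPECT = json.dumps([{"RepoDigests": [SAMPLE_REF]}])
```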
### Plugin Security 🛡️
- **Static analysis** detects `eval()`, `exec()`, `os.system()`, and shell injection 🚨
- **Two-tier trust model** separates Tool plugins from Core plugins 🏛️
- **Capability declarations** explicitly define required permissions 📋
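Added example, not Hermes's own `PluginSecurityScanner`: a minimal AST pass that flags the calls named above and resolves import aliases, so renaming `os` or `system` does not hide a call. Treating `shell=True` as the shell-injection signal is an assumption of this example, and the sample plugin is constructed.

```python
import ast
# Names from the list above; the shell=True rule is this example's assumption.
BANNED = {"eval", "exec", "os.system"}

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def scan_plugin(source):
    """Return sorted (line, finding) tuples for risky calls in plugin source."""
    tree = ast.parse(source)
    aliases = {}  # local name -> real dotted path, so `import os as o` resolves
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            aliases.update({a.asname or a.name: a.name for a in node.names})
        elif isinstance(node, ast.ImportFrom) and node.module:
            aliases.update({a.asname or a.name: f"{node.module}.{a.name}"
                            for a in node.names})
    findings = []
    for node in ast.walk(tree):
        name = _dotted(node.func) if isinstance(node, ast.Call) else None
        if name is None:
            continue
        head, dot, rest = name.partition(".")
        resolved = aliases.get(head, head) + dot + rest
        if resolved in BANNED:
            findings.append((node.lineno, f"call to {resolved}()"))
        if any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in node.keywords):
            findings.append((node.lineno, f"{resolved}(shell=True)"))
    return sorted(findings)

# Constructed plugin source used as sample input.
SAMPLE = '''\
import os as o
from os import system as run
import subprocess
def lookup(user):
    run("sherlock " + user)
    o.system("id")
    subprocess.run("whois " + user, shell=True)
    return eval(user)
'''
```

A scan like this only sees direct calls; names reached through `getattr`, `__import__` or `importlib` need separate rules.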
## Output Formats 📄
Hermes generates reports in multiple formats via `/export`—**your data, your way!** 🎨
📦 **JSON** - Structured data for programmatic consumption
📝 **Markdown** - Clean, GitHub-compatible format with tables
🌐 **HTML** - Responsive design with embedded CSS and statistics
📄 **PDF** - Professional formatting with executive summary
📊 **CSV** - Simple tabular format for spreadsheet import
🔒 **STIX 2.1** - Industry-standard threat intelligence format
## License ⚖️
### AGPL-3.0 (Community Edition) 🆓
Hermes OSINT is licensed under the **GNU Affero General Public License v3.0**.
**What this means:** 💡
- ✅ Free to use for personal and commercial purposes
- ✅ Open source—view, modify, and distribute the code
- ✅ Copyleft—modifications must also be open-sourced under AGPL-3.0
- ⚠️ **Network use = Distribution**—if you run Hermes as a service, you **must** share your source code
See the [LICENSE](LICENSE) file for complete terms.
## Use Cases 💼
🔍 **Security Research** - Investigate threats with natural language queries
🤝 **Due Diligence** - "Tell me everything about this person/company"
👣 **Digital Footprint Analysis** - Understand your organization's exposure
📈 **Competitive Intelligence** - Research competitors conversationally
🎯 **Threat Intelligence** - Collect indicators with AI-driven triage
📰 **Investigative Journalism** - Let Hermes connect the dots
## Legal and Ethical Disclaimer ⚖️
**For authorized OSINT activities only.** ⚠️ Users are solely responsible for obtaining proper authorization, complying with applicable laws, and using this tool ethically.
**Permitted uses:** ✅
- Publicly available information gathering
- Authorized security assessments
- Personal digital footprint analysis
- Compliance with local laws and regulations
**Prohibited uses:** 🚫
- Harassment, stalking, or intimidation
- Unauthorized access attempts
- Privacy law violations
- Platform Terms of Service violations
**The developers assume no liability for misuse of this tool.** 🙅♂️
## Contributing 🤝
Contributions are welcome! 🎉 Please see [PLUGIN_DEVELOPMENT.md](PLUGIN_DEVELOPMENT.md) for plugin creation guidelines and [USAGE.md](USAGE.md) for detailed usage documentation.
**Got ideas? Found bugs? Want to add a tool?** Open an issue or submit a PR! 💪
## Author ✍️
**Isaiah Myles** ([@Expert21](https://github.com/Expert21))
*Emerging cybersecurity professional | Pentester mindset | Builder of tools that matter* 🛠️⚡
- 🐛 **Issues**: [GitHub Issues](https://github.com/Expert21/hermes-osint/issues)
- 📧 **Email**: isaiahmyles04@protonmail.com
**Hermes v3.0** 🏛️🧠
*The Agentic OSINT Analyst*
**Conversational AI. Expert Tools. Unified Intelligence.**
Made with 💪 and ☕ by someone who believes OSINT should be **intelligent, secure, and accessible**.